UK Snoopers' Charter Set for Independent Review Over Bulk Data Clause

The controversial bill — which UK Prime Minister tried to get through the last parliament after forming a coalition in 2020, but failed due to opposition from coalition party the Liberal Democrats — allows for police and the security services to intercept "communications, equipment interference and the acquisition and retention of communications data, bulk personal datasets and other information."

However, May has agreed that parts of the bill covering the bulk hacking and data collection are to be scrutinized by David Anderson, the independent reviewer of terrorism legislation, whose previous report, 'A Question of Trust', which set out strict terms for mass data collection. 

The legislation is being put through parliament in the UK Government's latest attempt to stem the criticism brought about after the revelations by ex-CIA Edward Snowden who exposed mass surveillance and collection of data by the UK intelligence agency GCHQ and the US National Security Agency (NSA).

Critics have said the draft legislation — in its current form — will allow police and the intelligence agencies to demand that communication services providers (CSPs) retain mass volumes of data on users' emails, browsing, social media use and mobile communication for up to 12 months.

Back-Door Access

The proposed law will allow for the security services to demand "backdoor access" to their technology — a case reminiscent of the US FBI's current face-off with Apple over backdoor access to its phone technology.

It will also allow a UK Secretary of State "flexible" powers to demand access to communications data, the power to demand communications be routed via a certain electronic path and secrecy from the Communication Service Providers (CSPs).

Documents associated with the draft legislation state that:

"CSPs may be required under section 217 of the Act to provide a technical capability to give effect to interception, equipment interference, bulk acquisition warrants or communications data acquisition authorizations. The purpose of maintaining a technical capability is to ensure that, when a warrant is served, companies can give effect to it securely and quickly." 

The documents also state that the CSPs are under a duty not to disclose to customers that their data is being retained. "Any person to whom a technical capability notice is given, or any person employed or engaged for the purposes of that person's business, is under a duty not to disclose the existence or contents of that notice to any person," the documents say.